DETAILED ACTION

1. This is in response to the amendments filed on December 12th, 2007. Claims 1, 11, 12 and 30-32 have been
amended; Claims 1-32 are pending and have been considered below. 

Continued Examination Under 37 CFR 1.114 

2. A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was
filed in this application after final rejection. Since this application is eligible for continued examination under 37
CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has
been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on December 12th, 2007 has been entered.

Claim Rejections - 35 USC § 112 

3. The amendments filed on December 12th, 2007 have been considered and effectively overcome the previous
rejections to Claims 11 and 12. Therefore, the previous 35 U.S.C. 112 rejections have been withdrawn.

4. The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the 
applicant regards as his invention. 

5. Claims 1, 3, 5, 7-10, 12-18, 20, 21, 24, 25, 28, 29 and 31 are rejected under 35 U.S.C. 112, second paragraph,
as being indefinite for failing to particularly point out and distinctly claim the subject matter which applicant regards 
as the invention. 

6. Claims 1, 3, 5, 8-10, 12, 16-18, 20, 21, 24, 25, 28, 29 and 31 recite the limitation "the remote device" 
throughout these claims. There is insufficient antecedent basis for this limitation in the claim. The Examiner notes 
that there is a plurality of remote devices in Claim 1. 

7. Claim 3 recites the limitation "the received access code" in lines 6 and 7. There is insufficient antecedent
basis for this limitation in the claim. 

8. Claims 7, 9 and 21 recite the limitation "the user" throughout these claims. There is insufficient antecedent 
basis for this limitation in the claim. The Examiner notes that there is a plurality of users in Claim 1.

9. The term "short" in claims 13 and 15 is a relative term which renders the claim indefinite. The term "short" is 
not defined by the claim, the specification does not provide a standard for ascertaining the requisite degree, and one of 
ordinary skill in the art would not be reasonably apprised of the scope of the invention. 

10. The Examiner notes that due to the immense number of antecedent basis issues present, the claims have not 
been checked to the extent necessary to determine the presence of all possible antecedent basis issues. Applicant's 
cooperation is requested in correcting any errors of which applicant may become aware in the instant set of claims. 

Claim Rejections - 35 USC § 101 

11. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful 
improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. 

Claims 1-29 and 31 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory 
subject matter. Claims 1-29 and 31 disclose a system comprising an authentication information store and an 
authentication system, which in light of the specification, appear to be software modules. Thus, Claims 1-29 and 31 
are drawn to software per se. Software is not a series of steps or acts and this is not a process. Software is not a 
physical article or object and as such is not a machine or manufacture. Software is not a combination of substances 
and therefore not a compilation of matter. Thus, software by itself does not fall within any of the four categories of 
invention. Therefore, Claims 1-29 and 31 are not statutory. 

Claim Rejections - 35 USC § 102

12. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the 
rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed in the United States before 
the invention by the applicant for patent or (2) a patent granted on an application for patent by another filed in the United States before the 
invention by the applicant for patent, except that an international application filed under the treaty defined in section 351(a) shall have the
effects for purposes of this subsection of an application filed in the United States only if the international application designated the United
States and was published under Article 21(2) of such treaty in the English language.

13. Claims 1-32 are rejected under 35 U.S.C. 102(e) as being anticipated by Owen et al. (2004/0187018). 

Claim 1: Owen et al. discloses a system for distributing authentication information to users of remote devices 
comprising: 

a. an authentication information store configured to store authentication information for a plurality of users (i.e.
record passcode with primary ID 522) [figure 5];

b. an authentication system configured to receive a request for authentication information for one of the 
plurality of users from a remote device (i.e. passcode request 508) [figure 5];

c. wherein the request comprises identity information for use in determining whether the request is from one 
of the plurality of users (i.e. primary ID, PIN, etc.) [figure 5];

d. wherein the authentication system retrieves based on the identity information (i.e. primary ID, etc.) the
authentication information for the one of the plurality of users from the authentication information store [figure 5]; 

e. wherein the retrieved authentication information is provided to the remote device for use in authenticating a 
user that is requesting remote access to a computer network (i.e. communicate encrypted passcode to the suspect user
for presentation to the access authority) [page 2, paragraph 0010]. 

Claim 2: Owen et al. discloses a system for distributing authentication information to users of remote devices as in
claim 1 above and further discloses that the authentication information is used in a two-factor authentication system 
[figure 1]. 

Claim 3: Owen et al. discloses a system for distributing authentication information to users of remote devices as in 
claim 1 above, and further discloses that the authentication information store comprises a seed store configured to 
store a plurality of seeds; wherein the authentication system is configured to receive a seed request from the remote 
device, to retrieve the one of the plurality of seeds from the seed store, to calculate an access code using the retrieved 
seed, to determine whether the calculated access code matches a received access code and to return the retrieved seed 
to the remote device where the calculated access code matches the received access code (i.e. construct rotating key
from a shared secret such as a PIN that matches a synchronized server key) [page 1, paragraph 0007].

Claim 4: Owen et al. discloses a system for distributing authentication information to users of remote devices as in
claim 1 and further discloses that the request comprises an HTTP connection request [figure 10].

Claim 5: Owen et al. discloses a system for distributing authentication information to users of remote devices as in
claim 1 above and further discloses that the request comprises a network password and a digital signature, wherein the
network password and digital signature are verified by the authentication system before the authentication information
is provided to the remote device (i.e. credentials include password and information transmitted from a token of an
authorized user) [page 4, paragraph 0031].

Claim 6: Owen et al. discloses a system for distributing authentication information to users of remote devices as in 
claim 1 above and further discloses that the identity information comprises user information and account 
information (i.e. user id, etc.) [page 4, paragraph 0031].

Claim 7: Owen et al. discloses a system for distributing authentication information to users of remote devices as in 
claim 6 above and further discloses that the identity information identifies a particular user and corresponding 
authentication information being requested, and is used by the authentication system to authenticate the user
requesting the authentication information (i.e. compares user ID and respective credentials and/or password etc.)
[page 4, paragraph 0031]. 

Claim 8: Owen et al. discloses a system for distributing authentication information to users of remote devices as in 
claim 1 above and further discloses that the authentication information in the request is used by the remote device for 
two-factor authentication [figure 1]. 

Claim 9: Owen et al. discloses a system for distributing authentication information to users of remote devices as in 
claim 8 above and further discloses that the identity information comprises a network password entered by the user of 
the remote device and a digital signature generated based on a transformation of at least a portion of the information 
in the request, a signature key and a signature algorithm (i.e. temporal-based or sequential-based value) [page 4,
paragraph 0031]. 

Claim 10: Owen et al. discloses a system for distributing authentication information to users of remote devices as in 
claim 1 above and further discloses that the authentication system does not provide the authentication information to 
the remote device because a match was not found in the authentication information store based upon the identity 
information [abstract]. 

Claim 11: Owen et al. discloses a system for distributing authentication information to users of remote devices as in 
claim 1 above and further discloses that the authentication information comprises a password required for remote 
access to resources in the computer network, wherein the password is not known to a user of the remote device but is 
required for access to the resources in the computer network (i.e. passcode) [abstract].

Claim 12: Owen et al. discloses a system for distributing authentication information to users of remote devices as in 
claim 1 above and further discloses an access code required for remote access to resources in the computer network, 
wherein the access code is not known to a user of the remote device but is required for access to the resources in the
computer network (i.e. passcode) [abstract].

Claims 13-16: Owen et al. discloses a system for distributing authentication information to users of remote devices 
as in claim 1 above and further discloses that the retrieved authentication information comprises an expiring or
non-expiring password and/or access code which is valid for a short period of time, wherein the period of time is on the
order of minutes [page 2, paragraph 0013]. 

Claim 17: Owen et al. discloses a system for distributing authentication information to users of remote devices as in 
claim 1 above and further discloses that the retrieved authentication information comprises a seed from which access 
codes are to be generated by the remote device, wherein the seed is stored in a protected data store on the remote 
device (i.e. usb tokens, etc.) [page 1, paragraph 0007].

Claim 18: Owen et al. discloses a system for distributing authentication information to users of remote devices as in 
claim 1 above and further discloses that the retrieved authentication information is used by the remote device to gain 
access to a corporate local area network (LAN) [figure 10].

Claim 19: Owen et al. discloses a system for distributing authentication information to users of remote devices as in 
claim 18 above and further discloses that two-factor authentication is used in the LAN to authenticate a user 
requesting remote access to the LAN, wherein the retrieved authentication information is used in performing
two-factor authentication in order to gain access to the LAN [figure 10].

Claim 20: Owen et al. discloses a system for distributing authentication information to users of remote devices as in 
claim 19 above and further discloses that the retrieved authentication information comprises a seed which the remote 
device's two-factor code generator uses to produce an access code (i.e. hardware tokens);

a. wherein the access code is also based upon a value provided by the remote device's clock, wherein the 
access code is used by the remote device to gain access to the LAN (i.e. time based token);

b. wherein the seed is used by the authentication system to also generate an access code for use in a
comparison with the access code generated by the remote device (i.e. synchronized key generated at the server);

c. wherein access to the LAN is either granted or denied based upon the comparison [page 1, paragraph 0007].

Claim 21: Owen et al. discloses a system for distributing authentication information to users of remote devices as in 
claim 20 above and further discloses that the remote device only generates the access code when access to the LAN is 
requested by the user of the remote device (i.e. generate passcode after receiving request) [page 1, paragraph 0010].

Claim 22: Owen et al. discloses a system for distributing authentication information to users of remote devices as in
claim 20 above and further discloses that the authentication information store comprises an index by user name that
indicates users authorized for remote access to the LAN (i.e. authorized users list maintained by the authentication
authority) [page 1, paragraph 0010].

Claim 23: Owen et al. discloses a system for distributing authentication information to users of remote devices as in 
claim 22 above and further discloses that the authentication information store stores user seed values from which
access codes are to be generated (i.e. synchronized key generated at the server) [page 1, paragraph 0007].

Claim 24: Owen et al. discloses a system for distributing authentication information to users of remote devices as in
claim 1 above and further discloses that the remote device is a wireless mobile communication device [page 2, 
paragraph 0011]. 

Claim 25: Owen et al. discloses a system for distributing authentication information to users of remote devices as in 
claim 24 above and further discloses that the remote device stores the authentication information in a data store (i.e.
usb token) [page 1, paragraph 0007].

Claims 26 and 27: Owen et al. discloses a system for distributing authentication information to users of remote
devices as in claim 25 above, and further discloses that the data store is implemented in a smart card or USB token (i.e.
usb token, etc.) [page 1, paragraph 0007]. 

Claim 28: Owen et al. discloses a system for distributing authentication information to users of remote devices as in 
claim 1 above and further discloses that the remote device is a desktop computer [page 2, paragraph 0011].

Claim 29: Owen et al. discloses a system for distributing authentication information to users of remote devices as in
claim 1 above and further discloses that the remote device communicates with the authentication system over a
communication system, wherein the communication system comprises a wide area network (WAN) and a wireless
network gateway [figure 10]. 

Claim 30: Owen et al. discloses a method for distributing authentication information for remotely accessing 
computer resources, comprising: 

a. receiving a request for the authentication information from a remote device, the request comprising identity 
information of a user of the remote device (i.e. passcode request 508) [figure 5];

b. wherein the authentication information is stored in an authentication data store (i.e. record passcode with
primary ID 522) [figure 5]; 

c. authenticating the user based on the identity information in the request (i.e. primary ID, PIN, etc.) [figure 5];

d. returning the authentication information to the remote device to authenticate a user requesting remote 
access to a computer resources based upon the returned authentication information (i.e. communicate encrypted
passcode to the suspect user for presentation to the access authority) [page 2, paragraph 0010]. 

Claim 31: Owen et al. discloses an apparatus for handling authentication information for users of remote devices, 
comprising: 

a. an authentication information store configured to store authentication information for a user of a remote
device, the authentication information provided by a remote authentication system (i.e. record passcode with primary
ID 522) [figure 5]; 

b. a request for the authentication information from the remote device to the remote authentication system 
contains identity information (i.e. passcode request 508) [figure 5];

c. a code generation system configured to retrieve the authentication information (i.e. passcode) stored in the
authentication information store [figure 5]; 

d. access information (i.e. encrypted passcode is generated from passcode) is generated based upon the
retrieved authentication information and is used to authenticate a user requesting remote access to a remote computer 
network [figure 5]. 

Claim 32: Owen et al. discloses a method for obtaining authentication information for remotely accessing a computer
network, comprising: 

a. providing a request from a user of a remote device to an authentication system for the authentication 
information that is stored in a data store by the authentication system (i.e. passcode request 508) [figure 5];

b. the request comprises identity information (i.e. primary ID, etc.) for use by the authentication system to
authenticate the user based on the identity information provided in the request [figure 5]; 

c. receiving by the remote device the authentication information from the authentication system (i.e.
communicate encrypted passcode to the suspect user for presentation to the access authority) [page 2, paragraph 
0010]; 

d. wherein the received authentication information is used to authenticate a user requesting remote access to 
the computer network (i.e. presentation to the access authority) [page 2, paragraph 0010].

Response to Arguments

14. Applicant's arguments with respect to claims 1 and 3 have been considered but are moot in view of the new 
ground(s) of rejection. 

Conclusion 

Any inquiry concerning this communication or earlier communications from the examiner should be directed 
to EDWARD ZEE whose telephone number is (571)270-1686. The examiner can normally be reached on Monday 
through Thursday 9:00AM-5:00PM EST.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Kim Y. Vu can be 
reached on (571) 272-3859. The fax phone number for the organization where this application or proceeding is 
assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent Application Information 
Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or 
Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more 
information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the 
Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like 
assistance from a USPTO Customer Service Representative or access to the automated information system, call
800-786-9199 (IN USA OR CANADA) or 571-272-1000.

EZ 

March 16, 2008 
/KIMYEN VU/ 

Supervisory Patent Examiner, Art Unit 2135 



